Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25918 | 1 Shescape Project | 1 Shescape | 2025-05-05 | 5.3 Medium |
| The package shescape from 1.5.10 and before 1.6.1 is vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function. | ||||
| CVE-2019-8062 | 1 Adobe | 1 After Effects | 2025-05-05 | 7.8 High |
| Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2018-9866 | 1 Sonicwall | 1 Global Management System | 2025-05-05 | 9.8 Critical |
| A lack of validation of user-supplied parameters passed to XML-RPC calls on the SonicWall Global Management System (GMS) virtual appliance allows a remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier. | ||||
| CVE-2017-6511 | 1 Finecms Project | 1 Finecms | 2025-05-05 | 6.1 Medium |
| andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php. | ||||
| CVE-2022-40183 | 1 Bosch | 2 Videojet Multi 4000, Videojet Multi 4000 Firmware | 2025-05-05 | 5.8 Medium |
| An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code in the context of the user. | ||||
| CVE-2024-0779 | 1 Mediabetaprojects | 1 Enjoy Social Feed | 2025-05-05 | 8.8 High |
| The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF checks in various functions hooked to admin_init, allowing unauthenticated users to call them and, for example, unlink arbitrary users' Instagram accounts. | ||||
| CVE-2024-0858 | 1 Theinnovs | 1 Innovs Hr | 2025-05-05 | 8.8 High |
| The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees. | ||||
| CVE-2022-3059 | 1 Schoolbox | 1 Schoolbox | 2025-05-05 | 8.6 High |
| The application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL injection it was possible to extract data from the database. | ||||
| CVE-2024-0973 | 1 Patelmilap | 1 Widget For Social Page Feeds | 2025-05-05 | 6.1 Medium |
| The Widget for Social Page Feeds WordPress plugin before 6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-1401 | 1 Awplife | 1 Profile Box Shortcode And Widget | 2025-05-05 | 4.8 Medium |
| The Profile Box Shortcode And Widget WordPress plugin before 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2021-34643 | 1 Skaut-bazar Project | 1 Skaut-bazar | 2025-05-05 | 6.1 Medium |
| The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.2. | ||||
| CVE-2023-7246 | 1 Bowo | 1 System Dashboard | 2025-05-05 | 5.4 Medium |
| The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks | ||||
| CVE-2021-34644 | 1 Multiplayer-plugin Project | 1 Multiplayer-plugin | 2025-05-05 | 6.1 Medium |
| The Multiplayer Games WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/multiplayergames.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.7. | ||||
| CVE-2021-34642 | 1 Followistic | 1 Smart Email Alerts | 2025-05-05 | 6.1 Medium |
| The Smart Email Alerts WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the api_key in the ~/views/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.10. | ||||
| CVE-2024-0337 | 1 Travelpayouts | 1 Travelpayouts | 2025-05-05 | 6.1 Medium |
| The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | ||||
| CVE-2021-34652 | 1 Meowapps | 1 Media Usage | 2025-05-05 | 6.1 Medium |
| The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/mmu_admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.4. | ||||
| CVE-2021-34649 | 1 Simple-behace-portfolio Project | 1 Simple-behace-portfolio | 2025-05-05 | 6.1 Medium |
| The Simple Behance Portfolio WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `dark` parameter in the ~/titan-framework/iframe-font-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.2. | ||||
| CVE-2021-34653 | 1 Wp Fountain Project | 1 Wp Fountain | 2025-05-05 | 6.1 Medium |
| The WP Fountain WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/wp-fountain.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.9. | ||||
| CVE-2021-34654 | 1 Custom Post Type Relations Project | 1 Custom Post Type Relations | 2025-05-05 | 6.1 Medium |
| The Custom Post Type Relations WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the cptr[name] parameter found in the ~/pages/admin-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | ||||
| CVE-2024-0856 | 1 Codepeople | 1 Appointment Booking Calendar | 2025-05-05 | 8.8 High |
| The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying. | ||||